Propagating the Kerberos Server
Setting Up Propagation
Chapter 9258
Setting Up Propagation
After installing and configuring your primary and secondary security
servers, you must propagate principal database information from the
primary security server to all secondary security servers.
Before you can configure propagation, each secondary security server
must have an existing principal database to act as a container for the
information being propagated to the server. The principal database is
created during installation.
Each security server must also have a stashed master key. If you created
the database during installation, the key is automatically stashed in the
/opt/krb5/.k5.REALM file. If you created the database after installation
using kdb_create, verify that you stashed the key using the kdb_create
-s or kdb_stash tool.
The mkpropcf tool aids propagation configuration by reading the
Kerberos configuration file, krb.conf, and constructing the required
propagation settings.
The primary security server component contains three daemons. You
need to restart and stop these daemons at various times throughout
propagation.
NOTE During initial propagation of the principal database to all secondary
security servers, the startup order of the services or daemons is critical.
However, after the initial propagation is complete, the startup order is
irrelevant.
